CSRF never fails - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28) +--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30) +--- Thread: CSRF never fails (/showthread.php?tid=81395) |
CSRF never fails - Gary - 02-23-2022 Is it just me, or is anyone else experiencing an issue with the CSRF Filter never failing? Security.php's function verify(RequestInterface $request) has the following line, that for the life of me, I can't get to fail anymore!? Code: if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) { RE: CSRF never fails - kenjis - 02-23-2022 How do you know the line is the cause? RE: CSRF never fails - Gary - 02-24-2022 Finger trouble, sorry, wrong line! I'll correct it to make the question more sensible, thanks Kenjis. That being said, I wasn't implying the line was the cause... it is only the final "deciding" test... so the problem was somewhere in the setting/recovery of the variables in the comparison. At any rate, although I didn't get to the bottom of it, I changed the code elsewhere to sidestep the problem... so the problem was likely just me. |